Beyond Firewalls: Where Telecom Risk Really Lives
Telecom security crossed a line last year. Seemingly small changes in how devices attach to the network can shift real money and undermine public trust. Meanwhile, AI is being embedded into networks faster than governance can keep up, widening the gap between what’s technically deployed and what’s operationally defensible. In this piece, we unpack what happened and why it matters, and show what founders can do next, turning today’s risks into tomorrow’s defensible products.
Breaking Telecom Trust: How 2025 Exposed South Korea's Vulnerabilities
Two storylines converged, raising the baseline level of risk in telecom networks. In May, South Korea confirmed a carrier-scale breach at SK Telecom that investigators linked to BPFDoor and treated as a matter of national security rather than a routine IT incident. Warnings about BPFDoor date to 2022, when PwC linked Red Menshen, a China-based group, to attacks on telecoms across the Middle East and Asia. Subsequent probes estimated the impact at 27 million users, and regulators fined SK Telecom ₩134.8 billion (about $96.5 million) for weak safeguards and slow notifications.
However, the most brazen twist arrived over the air, not the web. In September, KT said attackers used unauthorized mini base stations (femtocells) to intercept verification messages during payment flows, marking the first publicly confirmed case of its kind in Korea and triggering immediate consumer concern. Initial findings identified 278 victims, about ₩170 million (roughly $122,000) in losses, and 5,561 IMSIs potentially exposed. Within a week, the tally increased to 362 victims and ₩240 million (about $173,000), with identifiers for around 20,000 users in scope; police seized four rogue devices and announced two arrests.
Thread these scenes together and a pattern snaps into focus: attackers are reaching users over the air while also penetrating enterprise systems. That combination turns telecom security into an ecosystem-level challenge that touches devices, radios, core databases, and public trust all at once.
Security by Design: How Telecoms Are Behind the Curve
South Korea has effectively illustrated how legacy incentives can lock telecom operators into a reactive security posture. Post-incident write-ups detail accumulated operational debt: outdated OS builds, missing baseline controls, and slow internal escalation. All are symptoms of a culture tuned for uptime, coverage, and cost rather than security by design.
And this isn’t uniquely Korean; it’s what happens when networks that were never built with adversaries in mind are joined together over decades-old interconnects. Location-tracking attacks don’t need an app or proximity; they ride the global signaling infrastructure. Each time a phone attaches to the network, it reveals where it is, at least to the serving cell or sector, and specially crafted signaling messages can query that trail. And no, SS7 wasn’t “fixed”: because it was built on implicit trust, many networks still answer these queries without strong filtering, and LTE interworking keeps the weaknesses alive for fallback. In IMS and the 5G service-based architecture (SBA), location data still moves between core elements for mobility, so anyone who has gained or compromised access to interconnect APIs can request updates in similar ways. The attack surface is evolving, but the underlying trust model remains the central issue.
If that’s the culture debt, attackers exploit the process debt as well: the soft spots in identity and customer operations that sit outside “security by design” and legacy systems. Concrete 2024 data show how low-friction these attacks have become: IDCARE logged a 240% surge in SIM-swap cases, with 90% requiring no victim interaction. The playbook is pure social engineering, abusing number portability to move a target’s line to a new SIM, cutting off service and capturing calls, texts, and OTPs. A Princeton study of five major US prepaid wireless carriers found first-attempt success in 80% of swaps, with no in-person checks and weak MFA, evidence that usability-first workflows still hand attackers the keys.
The hardware front has gone truly mobile. Portable “SMS blasters” and rogue base stations ride in cars and backpacks. They send scam texts directly to nearby phones, bypassing carrier filters, with campaigns hitting around 100,000 texts per hour in Bangkok. Seizures have been reported in countries including New Zealand, Thailand, and the UK. The devices work by manipulating how phones link to networks: a blaster advertises a stronger 4G signal to lure devices, then forces a fallback to the less secure 2G standard. The whole cycle takes under 10 seconds, often without the owner noticing.
Some phone makers moved first, not the telcos. For example, on Android, you can disable 2G in settings to block forced downgrades (with emergency fallbacks only). Helpful, but it’s a handset-side mitigation: availability varies by device and carrier; it doesn’t protect users on older models or those who leave 2G enabled, and network-side risks remain.
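One way an organization can apply that handset-side mitigation consistently across a managed fleet, rather than relying on each user to find the toggle, is through Android’s device-owner APIs. The snippet below is an added example, not code from the original article or from any vendor it names; it uses the public `DevicePolicyManager.addUserRestriction` call with `UserManager.DISALLOW_CELLULAR_2G` (available from Android 14, API level 34). The admin `ComponentName` is a placeholder, and the app is assumed to already hold device-owner status.

```kotlin
import android.app.admin.DevicePolicyManager
import android.content.ComponentName
import android.content.Context
import android.os.Build
import android.os.UserManager

// Placeholder admin receiver; replace with the MDM app's own DeviceAdminReceiver.
private val ADMIN = ComponentName("com.example.mdm", "com.example.mdm.AdminReceiver")

/** Outcome of trying to pin managed handsets to 3G-and-above. */
sealed class Cellular2gPolicy {
    object Applied : Cellular2gPolicy()
    object AlreadyRestricted : Cellular2gPolicy()
    data class Unsupported(val reason: String) : Cellular2gPolicy()
}

fun disable2g(context: Context): Cellular2gPolicy {
    // DISALLOW_CELLULAR_2G only exists on Android 14+. Older devices are left with
    // the user-facing toggle (if the OEM ships one), which is exactly the coverage
    // gap the article points out.
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
        return Cellular2gPolicy.Unsupported("API ${Build.VERSION.SDK_INT} lacks DISALLOW_CELLULAR_2G")
    }
    val dpm = context.getSystemService(Context.DEVICE_POLICY_SERVICE) as DevicePolicyManager
    if (!dpm.isDeviceOwnerApp(context.packageName)) {
        return Cellular2gPolicy.Unsupported("app is not the device owner")
    }
    val um = context.getSystemService(Context.USER_SERVICE) as UserManager
    if (um.hasUserRestriction(UserManager.DISALLOW_CELLULAR_2G)) {
        return Cellular2gPolicy.AlreadyRestricted
    }
    // Applies device-wide: the 2G toggle in Settings is locked off and the modem
    // will not attach over GSM/EDGE except where the platform permits it for
    // emergency calls.
    dpm.addUserRestriction(ADMIN, UserManager.DISALLOW_CELLULAR_2G)
    return Cellular2gPolicy.Applied
}
```

A policy-sync job would call `disable2g` on each check-in and record the returned state in the MDM audit trail, so that `Unsupported` results surface the older or non-compliant handsets that still need a different control. The same caveat applies as in the text: this stops the forced-downgrade step on the handset but does nothing about network-side weaknesses.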
From all the above, and from countless other examples across the industry, it’s clear that telecom security isn’t a single bug to be patched but a systemic gap. The result is a mismatch between telco DNA and modern cybersecurity demands: these companies were historically optimized for uptime, coverage, and cost efficiency, not adversarial resilience. That cultural and technical gap is precisely where new entrants and specialized firms can intervene, offering security-first approaches that legacy carriers often struggle to internalize.
AI’s Double-Edged Sword
The AI rush is also outpacing the rulebook. New reporting shows systemic weaknesses across public AI tools: 84% of AI web tools have already suffered breaches, 93% show SSL/TLS misconfigurations, 91% run on weak or outdated hosting, and 51% have leaked corporate credentials. Adoption is racing ahead at the same time, with around 75% of employees now using AI for work while only 14% of organizations have a formal AI policy in place. IBM’s 2025 Cost of a Data Breach Report adds that around 13% have already suffered breaches of AI models or apps, with 97% lacking proper access controls.
The risks are not theoretical. At the customer interface, even small pilots like chatbots or assistants pose exposure risks because they handle billing details, usage patterns, and location data. For that reason, they should be treated as PII systems, with audited access, sensible retention, and a tested rollback path. As workloads move to the edge for latency, every additional site becomes a potential entry point unless authentication and encryption are applied consistently.
For telecom operators moving toward 6G and embedding AI across critical layers, the signal is clear: the attack surface expands as adoption widens. But AI is not only a source of risk; it is also a defensive asset. AI-driven threat detection can process massive volumes of network telemetry and behavioral data in real time, spotting anomalies and intrusion attempts far earlier than human teams could. This shift to continuous, adaptive defense will be essential as adversaries exploit new vectors.
Even so, defensive use should not blind operators to systemic risks. When models support optimization, predictive maintenance, or fault detection near core systems, poisoning or compromise can misroute traffic, mute alarms, or disable infrastructure. The lesson is that AI must be deployed with the same rigor as any critical system, and if that rigor is applied consistently, from customer-facing pilots to core optimization models, AI can be an enabling force rather than a structural liability.
Startups in Telecom Security: Agility vs. Legacy Constraints
Startups have a structural advantage in telecom security because they aren’t constrained by decades of legacy infrastructure, organizational inertia, and procurement cycles that characterize large operators. They can design solutions from scratch with security by default, adapt faster to new attack patterns, and pursue narrow, high-impact use cases that incumbents often overlook. Agility is the differentiator: while large operators focus on uptime and scale, startups can focus on adversary resilience and innovation.
Identifying the right gap starts with watching where pressure builds fastest. Regulations and fines often reveal blind spots that operators must fix but cannot resolve quickly. Consumer complaints, post-incident reports, and academic studies expose weaknesses that persist despite repeated warnings. Another way is to follow the attacker’s playbook: wherever fraud or intrusion is happening at scale, such as SIM swaps, rogue base stations, and interconnect abuse, there is usually room for a sharper defensive product. Founders who systematically track telecom incident data, regulatory shifts, and customer pain points can spot opportunities before telcos themselves react.
Several emerging companies are already staking claims in telecom security. OneLayer offers zero-trust segmentation and asset management in private 5G/LTE setups, giving operators fine-grained visibility into device behaviors and abnormal traffic. ContraForce provides orchestration of AI agents and detection/response platforms for multi-tenant environments, showing how security layers can be delivered at scale to service providers. And KETS Quantum is advancing quantum key distribution (QKD) and quantum-safe technologies to strengthen the cryptographic foundations of communications for the long term.
In telecom security, spotting a weakness is only the spark. The harder task is turning it into a trusted product in a risk-averse industry. The path gets easier by plugging into carrier, vendor, or MSP ecosystems instead of trying to displace incumbents. Trust builds faster with red-team results, real incident case studies, and third-party certifications than with lab demos. Procurement cycles shorten when the business model is crystal clear about whether it targets private 5G enterprises, carriers, or OEMs. Nothing accelerates credibility more than fluency in regulation, showing exactly how compliance hurdles are met.
Designing for Resilience in Telecom
Telecom security isn’t a problem that can be solved with a single fix; it’s a system issue born of legacy incentives, porous signaling, and an AI surge outpacing governance. There’s no single remedy, so focus: pick a choke point, prove measurable risk reduction, then expand.
If you’re a founder working in this window, or a researcher ready to spin out, design for adversary resilience first, then scale and let xG-Incubator help you prove it on real networks.